feat(lab6): Checkov + KICS scans

[ironveils]

Pull Request

Goal

Run IaC security scans with Checkov on Terraform and KICS on Ansible.

Changes

• submissions/lab6.md

Testing

• Checkov on Terraform: 127 checks total (49 passed, 78 failed)
• KICS on Ansible: 10 findings (9 HIGH, 1 LOW)

Checklist

• Title is clear (feat(labN): <topic>)
• No secrets/large temp files committed
• Submission file at submissions/labN.md exists
• Task 1 — Checkov on Terraform + Pulumi with top-5 rules and module-leverage analysis
• Task 2 — KICS on Ansible with Checkov-vs-KICS comparison
• Bonus — Custom Checkov policy demonstrably firing on the vulnerable sample